icedtea "jar" tool could automatically pack reproducible jars

Open

Details

2 participants

Danny Milosavljevic
Ludovic Courtès

Owner: unassigned

Submitted by: Danny Milosavljevic

Severity: normal

Danny Milosavljevic wrote on 10 Nov 2019 15:48

Recipients:(address . bug-guix@gnu.org)

Message-ID:20191110154849.1123db10@scratchpost.org

Hi,

it would be better if icedtea's "jar" tool automatically packed reproducible jar

files instead of us doing some barely safe unzip-then-rezip-with-specific-order

in the ant-build-system.

It could check the environment variable SOURCE_DATE_EPOCH and then use that as

timestamp for the zip entries.

Alternatively, it could just leave the DOS timestamp field off of the zip

entries.

Maven already has support for the former[1]--we might be able to reuse that.

[1] https://maven.apache.org/plugins/maven-jar-plugin/jar-mojo.html

-----BEGIN PGP SIGNATURE-----

iQEzBAEBCAAdFiEEds7GsXJ0tGXALbPZ5xo1VCwwuqUFAl3II1EACgkQ5xo1VCww

uqXvhAf8CasRnJCxUqlNONVPeF/HMATV9YVzEpLjNkaTnoP8HlOEaM+LPWaLXt87

lSbA5yFLGZRPPTz9xPUutM8vWg/XyAl5O/jGIDPDK29Vl2hlUwxrFyo3WmTP0QBs

lPj9n48Z5ZwM4NoLS6KAPNCokwPR/wVOs1m5OhfrzCDGrOIVAnksNE39MZxEfIZR

54UFQOlInzCSgnBpMiDuO7UEnV4xRiXeSp/dHZ/aK3KAQKLJeKHMRLOkKao+ePtQ

KOaHPHcydyVh75SnDcBnLV9psmOKH+SIfc0ydSkEPKD6yUdZirpR+PlRH2UFX9Gw

iftF/EkLVucN48jx5FGZnAuBwn19vA==

=kGaR

-----END PGP SIGNATURE-----

Ludovic Courtès wrote on 11 Nov 2019 21:59

Recipients:(name . Danny Milosavljevic)(address . dannym@scratchpost.org)(address . 38162@debbugs.gnu.org)

Message-ID:87pnhym8ny.fsf@gnu.org

Hi Danny,

Danny Milosavljevic <dannym@scratchpost.org> skribis:

Toggle quote (7 lines)

> it would be better if icedtea's "jar" tool automatically packed reproducible jar

> files instead of us doing some barely safe unzip-then-rezip-with-specific-order

> in the ant-build-system.

> It could check the environment variable SOURCE_DATE_EPOCH and then use that as

> timestamp for the zip entries.

Someone proposed patches several months ago to reset timestamps in

jar/zip files, which I reviewed, but then lost track of (which may well

be my fault!) and I can’t find them on guix-patches now.

If you don’t mind researching a bit :-), this could be helpful.

Ludo’.

Your comment

Commenting via the web interface is currently disabled.

To comment on this conversation send an email to 38162@debbugs.gnu.org

is:open	open issues
is:done	closed issues
submitter:<who>	search issue submitter
author:<who>	search by message author
date:yesterday..now	search by issue date
mdate:3m..2d	search by message date